[01:12] Does this channel support Xubuntu LAMP servers?
[01:12] It's all the same Terminal, right? the only difference is the GUI
[01:14] lanc3r: servers generally don't run X
[01:14] lanc3r: but there's no difference to the server side of things
[01:15] Well, what's the biggie using the GUI just to navigate to the terminal? how would you stop X and just run the command line?
[01:15] why would it even be installed if it's a server?
[01:15] or do you mean you're using a desktop to do server related tasks?
[01:16] It came with X, how do you download it without the gui?
[01:16] yes'sir.
[01:17] you'd download the server install cds if you just want a server
[01:17] but regardless, all the server related stuff is the same if you use the desktop install or the server install, it's all the same packages
[01:18] Oh, I feel dumb.. I just installed the desktop version and put the extra tools I needed on there.
[01:18] those tools will be the same
[01:19] but in general, I wouldn't want X on a server, unless you had a specific reason for it
[01:20] I'm still a bit new to Linux servers, It's pointless cause I just go straight to the terminal.
[01:21] that's fine, everyone was new once :)
[01:21] your situation might be different, but when someone says server, I think of a machine sitting in the corner somewhere, without anyone directly logged into it physically, and doing the admin via ssh
[01:22] in general you only want running on a server what you need to provide the service, but situations are different for different people
[01:23] I've got the packages for using SSH but not sure how to implement them.
[01:24] apt-get install openssh-server
[01:24] Uh, duh. i said i have them.
[01:24] that's it
[01:25] you can now SSH into your server
[01:32] Is it possible to access the functions in a bash script without executing other top level code?
[01:33] I think not… but hoping someone has some ideas.
[01:38] I don't understand what you're asking
[01:39] mgw: other than refactoring the bash script to have the functions in another file that you source, no, I'm not aware of anything
[01:40] right, the way to share code in a shell script is to move that code to a separate script and source it
[01:41] bradm: that's what I thought… it's a 3rd party script that I'd rather not refactor, but I guess I have no choice
[01:43] But maybe somebody has a better idea for what i'm trying to do. I want to wrap the lxc-ubuntu LXC template and perform some additional package installation and configuration.
=== thumper is now known as thumper-afk
[05:32] are there any known bugs with software raid in the ubuntu installer for 13.04?
[05:34] i keep getting a segfault during install while trying to setup a software raid... tested with mdadm in the installer shell and creating the raid isn't the problem
[06:03] dangit, it's mkfs.xfs
[06:31] Aw... it wasn't xfs... (even tho mkfs.xfs failed after install on a new software raid array)
[06:51] gah, any mkfs fails on the assembled raid *sad*
=== smb` is now known as smb
[08:31] how can i update linux kernel using apt-get?
[08:32] am running lucid, but do not want to do a full release upgrade
[09:23] bin__, apt-get dist-upgrade
[09:32] where are the vnet interfaces defined and/or configured?
[09:32] zetheroo: libvirt?
[09:32] I was hoping for a config file or something
[09:33] zetheroo: It's generated, when the machine boots.
[09:34] is there any way to generate it without rebooting the host?
[09:34] zetheroo: No.
[09:35] all the other hosts have vnet interfaces on their bridge ... but one host has only eth0 and eth1
[09:36] zetheroo: http://wiki.libvirt.org/page/Networking
[09:40] just rebooted the host - still not a single vnet interface
=== oyvind is now known as Guest41424
=== Guest41424 is now known as oyvin
=== thumper-afk is now known as thumper
[11:48] I have "KiB Mem: 603840 total, 497856 used, 105984 free." Why is that even though I have nothing running on my server?
[11:49] Hi guys, I am trying to put firewall rules into /etc/network/if-pre-up.d/001.sh and 002.sh. I've given them root ownership and execute, but after a reboot the rules are not applied. (scripts work fine if I manually run them as root)
[11:49] Also, when I look under %MEM, I don't see any single process that's using much memory...
[11:49] msafi: Buffers!
[11:49] Free RAM = wasted RAM.
[11:50] Gargoyle, how come? Free ram -- in my mind -- means RAM available to be used...
[11:51] msafi: buffers = RAM available to be used (but while you're not using it, the kernel is going to use it to make stuff faster)
[11:52] I see.
[11:52] Well, Gargoyle, my buffers is at 4536. What unit of measure is this number?
[11:53] msafi: http://www.redhat.com/advice/tips/meminfo.html
[11:54] Gargoyle, Thanks!
[11:54] * ogra_ recommend "sudo apt-get install htop" to msafi
[11:54] *recommends
[11:54] ogra_, what does it do?
[11:54] that displays memory usage more enduser friendly
[11:55] ogra_, cool. Will try it!
[11:55] it's like top, but computes the MEM usage for actually used RAM
[11:55] Anyone got any thoughts on my if-pre-up.d? Have I missed something?
[11:55] Oooh. htop is nice! :D
[11:56] ogra_, hey htop looks good!
[11:56] :)
[12:06] Oh wow… Seems I've stumbled into a 2009 "pre-up" argument… wonder what the outcome was...
[12:09] Seems that NetworkManager took over… but I don't have that on a 10.04 server?
[12:59] How to remove a password of a user so he cannot login anymore?
[13:01] adac: passwd -l username maybe.
[13:01] adac, sudo passwd -l
[13:02] That won't prevent them from using key authentication to ssh in.
[13:06] Pici, what can prevent this as well?
[13:08] adac: You'd need to set an expiry date on the account as well, by using usermod -e 1
[13:08] Pici, I see! thanks!
=== psivaa is now known as psivaa-lunch
[13:19] hey, anyone could give me a resource on parted disk label types ? or could briefly explain em to me ? "bsd", "gpt", "loop", "mac", "mips", "msdos", "pc98" or "sun"
[13:28] jamespage: we need a new package for keystone
[13:28] zul, what
[13:28] ?
[13:29] dogpile.cache https://pypi.python.org/pypi/dogpile.cache
[13:29] welcome back mr freaking kotter
[13:38] Katafalkas: what are you trying to do? On a normal Intel server machine you probably want msdos, or gpt if you have >3G disks.
[13:38] (or a UEFI-only system)
[13:38] zul, gah - you better offer an archive admin beer next time you see them then!
[13:39] jamespage: i tried offering myself but that didn't go over too well
[13:39] lol
=== psivaa-lunch is now known as psivaa
[13:51] rbasak: I am making partition for database server. I am using parted. parted gives an error unrecognised disk label when I am trying to make ext4. I need to make label first. What label should I use. I assume the gpt is the right one here.
[13:53] how do i add hdparm to the Ubuntu "init" upstart system
[14:09] Katafalkas: http://ubuntuforums.org/showthread.php?t=1457901 seems to be on topic, albeit dated.
[14:10] just-a-visitor: cheers <3
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
[15:01] ok, I just installed 12.04.3 LTS server 64 bit on a VMware VM
[15:01] only package I picked was openssh
[15:01] then I did an sudo apt-get update && sudo apt-get upgrade
[15:01] then when I tried install ubuntu-desktop
[15:02] the system is telling me: "Size mismatch"
[15:21] anybody?
[15:30] somebody!
[15:30] sorry.... somebody!
[15:30] ;)
[15:30] DammitJim: grammatically correct, sir
[15:30] huh - size mismatch?
[15:30] yeah, it's the weirdest thing
[15:31] I didn't have this problem when I tested it at home
[15:31] DammitJim: try an apt-get dist-upgrade first
[15:31] but here in the office it's spilling that
[15:31] I did... came out with no problems
[15:31] meaning... no upgrades
[15:31] could it be a network problem?
[15:34] I'm downloading a package at a time and see if that makes any difference
[15:34] this is ridiculous
[15:34] there is someone on askubuntu.com that said it was a problem with his firewall??
[15:35] that's a network/mirror problem
[15:35] or proxy
[15:36] no proxy here
[15:36] OK, I finally got it to install
[15:36] but I installed a bunch of lib packages manually
[15:36] I hope there isn't an underlying problem for this production server
[15:36] a size mismatch is a problem with the mirror or the server getting to the mirror
[15:37] doing a sudo apt-get clean and sudo apt-get update can clear that up
[15:37] oh ok, but if I installed the stuff and I got no errors, then it probably means it installed lxde properly, right?
[15:37] yes
[15:37] ok, I'm cleaning just in case
[15:38] I think that clears the apt cache, right?
[15:38] yeah
[15:38] ok, now to exim4 config
[15:38] anyone know what options I need to pick to only allow exim4 to deliver mail to 1 single domain?
[16:04] mdeslaur: have you seen bug 1215282?
[16:04] Launchpad bug 1215282 in puppet "Possible puppet performance regression with 2.7.11-1ubuntu2.4" [Undecided,New] https://launchpad.net/bugs/1215282
[16:21] rbasak: no, I had not, thanks
[16:22] mdeslaur: np. I'm not really sure what to do with that bug.
[16:23] hrm, me either...we just use the patches upstream provides us
[17:08] hello
[17:08] can I ask a question about pxeserver
[17:09] !ask | marcel__
[17:09] marcel__: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
[17:10] Is it possible to make a pxeserver that supports win64 and win32 environments in the same pxeserver.cfg?
[17:11] marcel__: do you still have 32bit hardware to be tanked with windows?
[17:12] I have 32bit and 64 bit hardware
[17:13] * RoyK hasn't had 32bit hardware except for a raspberry pi or other embedded arm things for some time
[17:14] I did not ask for an opinion I ask for a solution
[17:19] marcel__: what's pxeserver.cfg? Am I missing something? On Ubuntu Server I'm only aware of pxelinux.cfg and to use Ubuntu to netboot Windows, I imagine you need to do something Windows-specific from dhcpd.conf. ISC dhcpd can certainly differentiate based on things like vendor-specific options in the DHCP request, for example to specify a different "filename", if that helps you.
[17:21] marcel__: I'd answer if I knew
[17:21] The problem is that in the remap file you give the location of the windows boot files. But this is done before you get the menu.
[17:22] But win32 and win64 are different files and can't be placed in the same folder.
[17:26] marcel__: I believe we've done that at work with different choices in a menu, but I haven't done it myself
[17:26] can you figure out how they did it?
=== lj1 is now known as lj
[17:32] marcel__: we're not using that thing anymore - the M$ guys took over and we're only rolling out windows with the M$ things
[17:33] marcel__: and that was before I even started in this job
[17:33] I am afraid you can't help me, or have you any suggestion where I can ask this question?
[17:34] looks so
[17:36] hrm, asking for windows help in a linux irc channel might not have been the most expedient way to get a solution..
[17:36] pity he left before I could suggest serverfault.
[17:37] sarnold: it wasn't asking for windows help, it was asking for how to boot windows from pxe from linux, which is quite ok imho
[17:38] RoyK: I saw the core of the question as "can win 32 and win 64 pxe boot from a single server".. smells like something that would require heavy windows experience, to me.
[17:40] sarnold: he was talking about pxe booting windows from a linux box
[17:41] sarnold: that is - perhaps I misunderstood - but normally windows don't use config files for such stuff
[17:41] RoyK: you're right that the pxe all happens well before an OS is involved..
[18:03] utlemming, i just opened https://bugs.launchpad.net/ubuntu/+bug/1220366
[18:03] Launchpad bug 1220366 in ubuntu "cloud-images have inconsistent filenames in 12.04.3" [High,Confirmed]
[18:05] smoser: ack
[18:27] Hi, since I have a bug open for quite some time and it was apparently not necessary to update user space tools for a newer kernel with 13.04 - what are the chances it's going to be updated with 13.10?
[18:27] https://bugs.launchpad.net/ubuntu/+source/targetcli/+bug/1111852
[18:27] Launchpad bug 1111852 in targetcli "targetcli bug - buffered fileio mode not saved across reboots" [Medium,Triaged]
[18:28] It's not only the buffered mode btw, whilst 3.8 supports passwords on the portal as well (instead of just targets), the userland tools to configure it do not (that is, the ones that come with ubuntu do not as they're not updated)
[18:37] hey can i make a user for FTP usage on the whole server that can read/write all the files in the system however can't execute anything?
[18:37] so i wouldn't have to use root
[18:37] Vasa: read more or less implies execute.
[18:38] Vasa: what problem are you trying to solve?
[18:38] just want to disable root for security but instead keep a way to edit all the files anyway
[18:38] thought it would be smart to not let that new user run any scripts at all, just read them/write to them
[18:38] and access via FTP only
[18:38] even if the user adds an entry to /etc/crontab that opens a shell on a port?
[18:39] ohhh well dont have cron anyway
[18:39] is there a way?
[18:39] i will take care of blocking what you mentioned
[18:39] you can not execute over ftp, ftp is ancient and unsafe, use sftp or if you must ftps. Unless you like sending passwords with that much power clear/text over the wire, in which case you definitely want ftp
[18:40] Vasa: Will you also block writing to /etc/init? or /bin/sh? I fear what you want to do is likely impossible. what is the problem you're trying to solve? there may be a better way to do it..
[18:40] freakynl please read original question, it was not my intention i already use sftp my intention was to avoid using ROOT to access the server and make a FTP account in parallel with access to everything except for executing scripts
[18:40] sarnold just want to avoid using root account yet still have a way to edit all server files
[18:41] by 'all server files', do you mean wwwroot? or the entire filesystem?
[18:41] Vasa: How is that really any different, given the examples provided by sarnold?
[18:41] Vasa: sounds like a jolly bad idea to me, but you can set a root password and use sftp - old style ftp might work if you run the ftpd as root, but it will be entirely madness to open such a hole
[18:42] That's gonna be hard. Extended ACL's should help, just adding it to the root group will grant too much perm
[18:42] entire file system because i got various configurations in /etc and got to view logs in /var/log and got most of the files in /home
[18:42] i use only sftp
[18:43] ok maybe i don't need this much control
[18:44] most stuff in /etc, /var/log and /home isn't executable (or better said, nothing in there *should* be executable although there's stuff like ssl-vpn clients that install in ~)
[18:44] if i give access to a single user to /etc/nginx /etc/php5 /var/log/nginx AND /home/Websites it should not ruin the rest of the system right?
[18:44] have a look at setfacl
[18:44] i mean with chown
[18:45] alright thanks everyone i think i know my solution thanks all
[18:45] Vasa: I'd be careful about blatantly using chown on those directories, as there might very well be some file where the daemons in question expect certain file ownerships.
[18:45] yes you are right
[18:45] i will be extremely careful
[18:45] Vasa: that's significantly better -- I expect it is possible to elevate privileges from /etc/nginx/ to root, but it'd take slightly more effort and probably be more easily audited. :)
[18:45] but if in htop i see that the process is with user www-data
[18:45] it's safe to make those configs all www-data right?
[18:46] plus if the process starts as ROOT anyway he doesn't care what chown i put
[18:46] Vasa: you do not want the web server to be able to write anything except its log files, upload directories if any, and database sockets if any.
[18:46] you got a point i better take care of that
[18:47] i made the user of nginx the owner of all the websites directory and all files in it
[18:47] i guess it gives him all he needs to do his evil
[18:47] Vasa: Really, this approach of yours really creates more problems than it solves.
[18:47] and nginx is going to start as root, so it can bind its socket. if you allow an untrusted user to write its configuration files, it can probably be configured to not drop privileges. BUT, this problem is so much more confined, it's significantly better... :)
[18:47] alright alright you are right :P
[18:48] i'll go with that thanks all good luck
[18:49] Vasa: setfacl is safer
[18:49] hmm he might be back soon ;)
[19:39] hallyn_, hey - I just got passed this by one of the ceph rbd devs
[19:39] http://pastebin.com/ARV5FPGu
[19:40] it enables logging for librbd in qemu
[19:40] and allows debugging via admin sockets in /var/run
[19:40] any chance you can review and add if you feel appropriate
[19:40] ?
[19:41] jdstrand: ^
[19:42] jamespage: is anything under /run/ceph supposed to be privileged?
[19:45] jamespage: do you mind opening a bug for it with just the contents of the pb)
[19:49] (so i can point security team to it :)
[19:57] hallyn_: so, /var/log/ceph/* rw and /{,var/}run/ceph/** seems like they should be vm specific? I'm not keen on 'capability mknod,' at all, but I guess it wouldn't be the worst if the process was unprivileged
=== IdleOne is now known as io
[20:32] hallyn_, sure
[20:36] hallyn_, bug 1220431
[20:36] Launchpad bug 1220431 in libvirt "Updates to apparmor profile for ceph rbd" [Undecided,New] https://launchpad.net/bugs/1220431
[20:42] jamespage, any known issues with ceph + havana + juju-core?
=== HisaoNakai_ is now known as HisaoNakai
[21:51] Hello. I'm having an issue with PHP on Ubuntu Server 12.04 that is driving me nuts. I've been at this for two days.
[21:52] I set the memory_limit in php.ini but it's being ignored.
[21:58] jamespage: ^ do you have any testcases that use ceph, so that you could confirm whether /run/ceph/** and /var/log/ceph/** can be made per-vm (i.e. it's actually /run/ceph/libvirt-$uuid or something)?
[22:22] Why do I have to use sudo before almost any command? Is this how things should be? It doesn't feel right.
[22:24] msafi: It Depends. :)
[22:24] msafi: sometimes people who have over-used sudo find they need to use it all the time to work with files that should not be owned by root, but are anywhere..
[22:24] s/anywhere/anyway/
[22:25] msafi: but if you're working on configuring services you will quite often need sudo, because standard users do not have permissions to modify important system configuration files
[22:26] sarnold, even when I'm in directory var/www/ I have to use sudo mkdir ...
[22:26] I'm getting tired of it...
[22:27] Here we go again, git clone permission denied.
[22:27] msafi: you could change the privileges of that directory to allow your user account to create and modify websites without any effort, but I'd rather be forced to use 'sudo' as a simple check, to make sure I'm thinking. :) hehe.
[22:28] Good point. But I like to learn from mistakes instead of being too careful.
[22:29] it is a good idea to check your backups work from time to time :)
[22:29] Can I tell ubuntu to execute all of my commands as sudo?
[22:30] msafi: run 'sudo -s', that'll give you a root shell.
[22:30] I see.
[22:31] "sudo -s" added to my cheat sheet... Thanks!
[22:32] I'm having an issue with PHP on Ubuntu Server 12.04 that is driving me nuts. I've been at this for two days
[22:32] I set the memory_limit in php.ini but it's being ignored
[22:32] SysFailure0x5a: in what way is it being ignored?
[22:32] php.info still shows the default value
[22:32] info.php*
[22:33] I.E. I set memory_limit = 256M but php.info shows 128M
[22:33] SysFailure0x5a: did you restart the server or fastcgi thing that you use for executing php scripts?
[22:33] I can set it to 64M as well and it still shows 128M
[22:33] Yeah, reload, restart, and even server reboot does nothing
[22:33] php-fpm
[22:34] No value works. 16, 32, 64, 96, 256, 512, I even removed/purged and reinstalled php.
[22:35] SysFailure0x5a: are you confident that you were editing a file used in the php-fpm configuration? perhaps it uses a different php.ini by default?
[22:44] SysFailure0x5a, there are many places to edit that
[22:45] in /etc/php5/fpm/php.ini and also /etc/php5/fpm/pool.d/*
[22:45] I personally prefer to only modify the /etc/php5/fpm/pool.d/* files
[22:46] Yes, I do a mv php.ini under /etc/php5/fpm/php.ini (same location in info.php) and it said config not loaded. Put it back and it said it was loaded.
[22:46]
[22:46] The files in pool.d have no mention of memory_limit
[22:47] you sure? cause by default they do
[22:47] What file?
[22:47] I did a cart of each one.
[22:47] cat*
[22:47] heh?
[22:47] cat is not very useful
[22:47] root@liquidio:/etc/php5/fpm/pool.d# ls
[22:47] www.conf
[22:48] grep could be
[22:48] I still pipe cats lol
[22:48] bad habit
[22:48] * sarnold arrests SysFailure0x5a for senseless abuse of cat :)
[22:48] default is, ;php_admin_value[memory_limit] = 32M
[22:48] but commented out
[22:49] that will override anything in php.ini
[22:49] hm
[22:49] crap
[22:49] that must be it
[22:49] I must have over looked it
[22:49] if it is, grep would have found it
[22:49] assuming you did grep, and used grep properly
[22:50] I don't ever remember having an issue with this file. It's worked in the past with ubuntu by just modifying php.ini
[22:50] Thanks!!!
[22:50] Yep, that fixed it.
[22:51] that file by default HAS NOTHING TURNED ON
[22:51] it's all commented out
[22:51] but you use that file to adjust defaults, so you can run many php, with different options
[22:51] like, we use a normal one for webusers
[22:51] but use one with higher timeouts and memory use, for admins
[22:53] I'm the only user on this server, I've never touched that file ...
[22:53] It was uncommented
=== freeflying is now known as freeflying_away
[23:35] hi
[23:36] if im running a web server, would i need to allow non-root read permission on /tmp directory ?
[23:43] a|3x: that question is kind of all over the place :) hehe
[23:44] a|3x: (a) /tmp is already by-default world readable
[23:44] a|3x: (b) I don't imagine any reasonable web server uses /tmp/ for anything it does internally
[23:44] a|3x: (c) if you're running php scripts or similar that -does- require /tmp/ access, hopefully they create their own directory and restrict access as far as they can
[23:53] Is it possible to apply guest additions to server under virtualbox? My attempts want x11 to be in play. I don't care about the mouse or display but would like to mount vbox shared folders.